package gradle.common.boot.admin.config;//package org.example.gradleadmin.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * SecurityConfiguration - 专门为 Spring Boot Admin 监控配置的最小化安全配置
 *
 * @author 1141193930@qq.com
 */
@Configuration
public class SecurityAutoConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                // 禁用 CSRF（监控应用通常不需要）
                .csrf(AbstractHttpConfigurer::disable)
                // 启用 HTTP Basic 认证（Spring Boot Admin 需要使用此方式访问 actuator 端点）
                .httpBasic(withDefaults())
                // 配置授权规则
                .authorizeHttpRequests(auth -> auth
                        // Actuator 端点需要认证（用于 Spring Boot Admin）
                        .requestMatchers("/actuator/**").authenticated()
                        // 其他所有请求允许匿名访问（保持业务功能正常）
                        .anyRequest().permitAll());

        return http.build();
    }
}
